As part of the Libraries walk-in-user pilot AARC project partner set up a customized instance of their solution didmos LUI (LDAP User Interface) that is being used for administrators to manage their libraries' / campuses' IP address ranges.

As can be seen on the main documentation page for the Libraries walk-in-user pilot, the portal has the following features:

  • Protected by a Shibboleth SP, any user from a federated IdP can access
  • Library administrators are authorized by
    • their eduPersonPrincipalName
    • their eduPersonEntitlement (must have some predefined value)
  • The only menu item "Trusted IP ranges" will allow Library administrators to enter any number of LDAP entries that
    • have an IP range start and end
    • associated eduPersonAffiliation (default unscoped value "library-walk-in", the generated scope will be taken from the scope of the administrator's eduPersonPrincipalName)
    • associated eduPersonEntitlement (can be set freely)
    • some description
  • The Walk-in-Library-User IdP will then use these LDAP entries to set these eduPersonAffiliation and eduPersonEntitlement values upon login of some user from that IP range

didmos LUI is written in Perl/CGI and is being used by DAASI as a customized frontend for their LDAP deployments. Both its source code and AARC customized configuration can be provided upon request (please send an e-mail to

  • No labels